Wiretapping, including interception and recording of communications, can be quite useful in investigations by governmental agencies such as law enforcement, as well as and private investigative agencies. Although originally developed to intercept analog telephonic communications, more recently agencies have discovered that wiretapping can also be useful to intercept digital message packets transmitted by a computer or other packet source device, or received by another computer or other packet destination device, over, for example, a digital data network such as the Internet, World Wide Web.
A problem arises in connection with wiretapping of digital message packets which does not arise as readily in connection with wiretapping of analog communications. With wiretapping of analog communications, it is very difficult to tamper with a recording in an undetectable manner. That is, if someone tampers with a recording of analog communications, at least some tampering is likely to be detected, which can, in turn, put into question the veracity of all of the recordings developed during a wiretap. On the other hand, with digital data, the data can be easily tampered with, and the tampering is difficult to detect. The message packets can be encrypted using, for example, a public encryption key/private decryption key mechanism. In such an arrangement, the recording device which performs the wiretap can, after receiving a message packet, encrypt the message packet using the public encryption key. The private decryption key which can decrypt the encrypted message packets is only available to, for example, people who will be making use of the message packets, as evidence in, for example, a trial in court. If the encrypted message packet is tampered with, the tampering is likely to be relatively easily detectable. It is unlikely that an encrypted message packet that has been tampered with would decrypt to a comprehensible message. In addition, if, as is common, the message packet originally had an error detection code, when a tampered-with encrypted message packet is decrypted, it is highly likely that the error correction code Would indicate that the message packet, after decryption, is erroneous.
While the message packets can be encrypted and decrypted as described above to preserve the integrity of message packets recorded during wiretapping, several problems arise. First, encryption of a message packet can require relatively significant amount of time. Accordingly, if the rate at which message packets are being received becomes relatively high, the encryption apparatus can easily become overwhelmed. In addition, although the order in which message packets are received by the wiretap apparatus can be important, the encryption of the separate message packets will not assist in verifying the order in which they are received. A time stamp can be applied to each message packet reflecting the time at which the message packet is received, either before or after encryption, but the time stamps can be applied in an erroneous manner.